How to disable log in /var/log/messages?


(Roberto) #1

My Elasticsearch is saving logs in /var/log/messages.

e.g.:

tail -n 100 /var/log/messages | grep elastic

Sep 27 14:09:19 test elasticsearch: at org.elasticsearch.index.query.QueryStringQueryParser.parse(QueryStringQueryParser.java:227)
Sep 27 14:09:19 test elasticsearch: ... 23 more
Sep 27 14:09:19 test elasticsearch: Caused by: org.apache.lucene.queryparser.classic.ParseException: Encountered "" at line 1, column 13.
Sep 27 14:09:19 test elasticsearch: Was expecting one of:
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: "(" ...
Sep 27 14:09:19 test elasticsearch: "*" ...
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: "[" ...
Sep 27 14:09:19 test elasticsearch: "{" ...
Sep 27 14:09:19 test elasticsearch: ...
Sep 27 14:09:19 test elasticsearch: at org.apache.lucene.queryparser.classic.QueryParser.generateParseException(QueryParser.java:698)
Sep 27 14:09:19 test elasticsearch: at org.apache.lucene.queryparser.classic.QueryParser.jj_consume_token(QueryParser.java:580)
Sep 27 14:09:19 test elasticsearch: at org.apache.lucene.queryparser.classic.QueryParser.Clause(QueryParser.java:265)
Sep 27 14:09:19 test elasticsearch: at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:171)
Sep 27 14:09:19 test elasticsearch: at org.apache.lucene.queryparser.classic.QueryParser.TopLevelQuery(QueryParser.java:160)
Sep 27 14:09:19 test elasticsearch: at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:117)
Sep 27 14:09:19 test elasticsearch: ... 25 more
Sep 27 14:15:21 test elasticsearch: [2016-09-27 14:15:21,071][INFO ][cluster.metadata ] [David Cannon] [index-2016.09.27] update_mapping [index-alerts]
Sep 27 14:15:21 test elasticsearch: [2016-09-27 14:15:21,683][INFO ][cluster.metadata ] [David Cannon] [indexall-2016.09.27] update_mapping [indexall]
Sep 27 14:37:56 test elasticsearch: [2016-09-27 14:37:56,675][INFO ][cluster.metadata ] [David Cannon] [indexall-2016.09.27] update_mapping [indexall]
Sep 27 14:37:56 test elasticsearch: [2016-09-27 14:37:56,697][INFO ][cluster.metadata ] [David Cannon] [index-2016.09.27] update_mapping

Does anyone know how to disable it?


(Mark O Stewart) #2

rwagner,
do you want logs to go somewhere else or just turn off logging for Elasticsearch?

Elasticsearch logging is controlled by elasticsearch.yml.
Look for lines:

Path to log files:
path.logs: /var/log/master

If you change this to another folder then chown the folder to elasticsearch:elasticsearch (or whatever your elasticsearch user:group is.)

If you don't want it to log anything, change this to a black hole or don't chown the folder to the elasticsearch user.
HOWEVER
I would not disable logging; I would just point to a different location and set up log rotation to keep file size down.

Mark
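
The procedure from the answer above (point path.logs at a dedicated folder, chown it to the Elasticsearch user, rotate the files), as an added example that is not part of the original posts. The function names, the paths in the usage lines, the 750 mode and the 7-day retention are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, paths and retention are assumptions.

# Create the log directory and hand it to the service account.
# $1 = directory, $2 = owner as user:group
prepare_log_dir() {
    mkdir -p "$1" && chmod 750 "$1" && chown "$2" "$1"
}

# Set path.logs in elasticsearch.yml: rewrite an active setting, otherwise append one.
# $1 = path to elasticsearch.yml, $2 = log directory (must not contain '|' or '&')
set_path_logs() {
    if grep -q '^path\.logs:' "$1"; then
        sed -E "s|^path\.logs:.*|path.logs: $2|" "$1" > "$1.new" &&
            cat "$1.new" > "$1" && rm -f "$1.new"
    else
        printf 'path.logs: %s\n' "$2" >> "$1"
    fi
}

# Write a logrotate stanza for the directory.
# copytruncate is used because Elasticsearch keeps its log file open.
# $1 = log directory, $2 = output file
write_logrotate() {
    cat > "$2" <<EOF
$1/*.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
    copytruncate
}
EOF
}

# Usage, as root (constructed paths; restart Elasticsearch afterwards):
#   prepare_log_dir /var/log/elasticsearch elasticsearch:elasticsearch
#   set_path_logs /etc/elasticsearch/elasticsearch.yml /var/log/elasticsearch
#   write_logrotate /var/log/elasticsearch /etc/logrotate.d/elasticsearch
```

Keeping the logs on disk in their own rotated directory preserves the stack traces and cluster events shown in the question for later troubleshooting, which disabling logging would lose.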

